cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO logon not possible; no logon ticket due to incorrect configuration

Former Member

on ‎06-16-2009 4:19 PM

0 Kudos

Hello Experts,

We have recently installed SAP CRM 7.0. While Login to WEB UI, they system is asking for user id and password for atleast four times.

We get the warning "SSO logon not possible; no logon ticket due to incorrect configuration". Choose "Logon" to continue A dialog box appears in which you can enter your user and password".

When we enter the user ID and Password second time, it redirects to weblink saying

"There is a new way of starting SAP CRM; adjust your favorites

You can use the following link:

http://<hostname.domain>:8000/sap/crm_logon?sap-client=100 "

When we click on the link it again asks for user name and password. We get the same warning as mentioned earlier "SSO logon not possible; no logon ticket due to incorrect configuration".

After entering user id and password we get the business role screen. It again asks for the user ID and Password(fourth time).

We have the profile parameters:

login/accept_sso2_ticket-->1

login/create_sso2_ticket-->2

We have also installed SAP crtypo.dll.

Please advice. Your suggestions are highly appreciated.

Regards,

Dave.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

stephenjohannes
Active Contributor
‎06-16-2009 4:31 PM
0 Kudos

Dave,

Well a few more items to check would be:

icm/HTTPS/verify_client = 0

ssf/name = SECLIB

ssf/ssfapi_lib = <path to sapcrypto.dll>

sec/libsapsecu = <path to sapcrypto.dll>

ssl/ssl_lib = <path to sapcrypto.dll>

verify the server ports:

icm/server_port_0 = PROT=HTTP,PORT=<unsecure port>

icm/server_port_1 = PROT=HTTPS,PORT=<secure port>

If you are running on unix then you need to use a port above 1024 or have to do a special binding procedure to use ports below 1024. In addition installing the crypto library requires an instance restart to take effect. You'll also want to verify the /sap/crm_logon alias is using the standard login procedure. On the error pages tab, you'll want to change the System Login configuration to use SSL.

In addition check your FQDN settings on your CRM box. Do a search for this term to find some other tips on setting up this piece.

Take care,

Stephen

Show replies
Show replies
Former Member
‎06-17-2009 7:51 AM
0 Kudos

Hello Stephen,

Thanks for you inputs.

Like you mentioned, I have double checked the below in the profile parameter:

icm/HTTPS/verify_client = 0

ssf/name = SAPSECULIB

ssf/ssfapi_lib = $(ssl/ssl_lib)

sec/libsapsecu = $(ssl/ssl_lib

ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

We are using windows 2003 64 bit server:

icm/server_port_0 = PROT=HTTP,PORT=80$$

icm/server_port_1 = PROT=SMTP,PORT=25,TIMEOUT=300,PROCTIMEOUT=600

Please let me know if the values set in above profile parameters are correct.

If I specify <path to sapcrypto.dll> in the below parameters, I am unable to start the instance Dispatcher stops:

ssf/ssfapi_lib = <path to sapcrypto.dll>

sec/libsapsecu = <path to sapcrypto.dll>

ssl/ssl_lib = <path to sapcrypto.dll>

Please advice

Dave

stephenjohannes
Active Contributor
‎06-17-2009 1:39 PM
0 Kudos

Dave,

Well the only thing you look like you are missing is the HTTPS service definition. Not required for SSO, but definitely a must.

Now keep in mind we fully specify the paths to the sapcrypto.dll in our system. Your ssf/name parameter looks fine. All our parameters are specified in the instance profile

I'm still guessing that upon startup the crypto library can't be found. Review the startup logs in SMICM to verify that there are no error messages regarding the installation of the library. If you don't see this, verify that the system PSE is generated in transaction strust

Take care,

Stephen

Former Member
‎08-19-2009 1:41 PM
0 Kudos

Hi Dave,

Did you resolve? We are seeing the same behaivor.

Thanks,

Glenn

Former Member
‎08-19-2009 6:54 PM
0 Kudos

was the crypto library for us, all is well.

Former Member
‎04-14-2011 8:29 AM
0 Kudos

Hi to all,

Could you check your user data with t-code SU01.

In logon data tab you will see user type. It should be A-Dialog. If it is S-Service, It gives this message in logon step and asks for your logon data many times.

Best wishes,,,

Ümit Yılmaz

Former Member
‎04-18-2011 1:50 PM
0 Kudos

Hi Umit,

Switching to dialog user resolved our issue as well. It would be great if you can point to any SAP note/documention providing more details into this issue.

Thanks,

Sri

Ask a Question